Fix various issues

The fixes here include typos, removals of deprecated paths, fixes for
first-boot-only systemd targets and related MariaDB migrate machinery,
better logging for Postfix, and an increase in the default request body
size for the default NGINX ingress.

README.md

@@ -71,7 +71,7 @@ but also be managed throughout the server's life-cycle.
 
 The mechanisms for building and deploying services are simple and fairly consistent. Firstly, Podman
 containers and systemd services are built and enabled using the included `container-build` systemd
-service. This will read files from `/etc/container-services` (copied onto the server during
+service. This will read files from `/etc/container-service` (copied onto the server during
 deployment) and build container images and systemd service definitions as needed.
 
 ## License

config/common/container.bu

@@ -9,8 +9,6 @@ storage:
   directories:
     - path: /etc/container-service
       mode: 0700
-    - path: /var/lib/container-service
-      mode: 0700
 systemd:
   units:
     - name: container-build@.service

config/common/systemd/container-build@.service

@@ -6,6 +6,7 @@ ConditionPathExists=/etc/container-service/%i/Containerfile
 
 [Service]
 Type=oneshot
+RemainAfterExit=true
 Environment=PODMAN_BUILD_OPTIONS="--no-cache"
 ExecStart=/bin/podman build $PODMAN_BUILD_OPTIONS --file /etc/container-service/%i/Containerfile --tag localhost/%i:latest /etc/container-service/%i
 

config/service/dovecot/systemd/dovecot-firstboot.target

@@ -1,9 +1,9 @@
 [Unit]
 Description=Initialize Dovecot POP3/IMAP server
-Wants=first-boot-complete.target mariadb-migrate@dovecot.service dovecot.service
+Wants=mariadb-migrate@dovecot.service dovecot.service
 After=mariadb-migrate@dovecot.service
-Before=first-boot-complete.target dovecot.service
-ConditionFirstBoot=true
+Before=dovecot.service
+ConditionKernelCommandLine=ignition.firstboot
 
 [Install]
 WantedBy=multi-user.target

config/service/mariadb/systemd/mariadb-migrate@.service

@@ -8,12 +8,16 @@ ConditionPathExists=/etc/container-service/%i/service/%p.sql
 Type=oneshot
 EnvironmentFile=-/etc/container-service/%i/%i.env
 EnvironmentFile=/etc/container-service/mariadb/mariadb.env
-ExecStartPre=/bin/sh -c 'envsubst < %E/container-service/%i/service/%p.sql > /tmp/%N.sql'
-ExecStart=/bin/podman run --replace --pull never --rm --name mariadb-migrate-%i --net internal \
-                          --volume mariadb:/var/lib/mysql:z --volume /tmp:/tmp \
-                          --entrypoint mariadb localhost/mariadb:latest \
-                          --host mariadb --user root --password=${MYSQL_ROOT_PASSWORD} -e 'source /tmp/%N.sql'
-ExecStartPost=/bin/rm -f /tmp/%N.sql
+ExecStartPre=/bin/install --mode 0700 --directory /tmp/%N
+ExecStartPre=/bin/sh -c 'envsubst < /etc/container-service/%i/service/%p.sql > /tmp/%N/migrate.sql'
+ExecStartPre=/bin/podman create --replace --pull never --rm --name mariadb-migrate-%i --net internal \
+                                --volume mariadb:/var/lib/mysql:z \
+                                --entrypoint mariadb localhost/mariadb:latest \
+                                --host mariadb --user root --password=${MYSQL_ROOT_PASSWORD} -e 'source /migrate.sql'
+ExecStartPre=/bin/podman cp /tmp/%N/migrate.sql mariadb-migrate-%i:/migrate.sql
+ExecStart=/bin/podman start --attach mariadb-migrate-%i
+ExecStartPost=/bin/podman rm --force mariadb-migrate-%i
+ExecStartPost=/bin/rm -Rf /tmp/%N
 
 [Install]
 WantedBy=multi-user.target

config/service/mariadb/systemd/mariadb.service

@@ -13,7 +13,7 @@ ExecStart=/bin/podman run --replace --pull never --name %N --net internal \
 ExecStartPost=/bin/podman run --replace --pull never --rm --name %N-wait --net internal \
                               --volume %N:/var/lib/mysql:z \
                               --entrypoint mariadb-admin localhost/%N:latest \
-                              --host mariadb --user root --password=${MYSQL_ROOT_PASSWORD} --wait=10 ping
+                              --host mariadb --user root --password=${MYSQL_ROOT_PASSWORD} --wait=30 ping
 ExecStop=/bin/podman stop --time 10 %N
 ExecStopPost=/bin/podman rm --force %N
 

config/service/nginx/container/config/nginx.conf

@@ -97,6 +97,11 @@ http {
   # https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout
   keepalive_timeout 20s;
 
+  # The maximum size allowed for request bodies.
+  # Default: 1m
+  # http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
+  client_max_body_size 32m;
+
   # Speed up file transfers by using `sendfile()` to copy directly between
   # descriptors rather than using `read()`/`write()``.
   # For performance reasons, on FreeBSD systems w/ ZFS this option should be

config/service/postfix/container/config/main.cf.template

@@ -5,6 +5,9 @@
 # Version 2 is current for Postfix > 3.2 configuration.
 compatibility_level = 2
 
+# Log to standard output.
+maillog_file = /dev/stdout
+
 # Base hostname used for this mail-server.
 myhostname = ${POSTFIX_HOST}
 myorigin = $mydomain

config/service/postfix/container/config/master.cf

@@ -30,4 +30,5 @@ local      unix  -       n       n       -       -       local
 virtual    unix  -       n       n       -       -       virtual
 lmtp       unix  -       -       n       -       -       lmtp
 anvil      unix  -       -       n       -       1       anvil
-scache     unix  -       -       n       -       1       scache
+scache     unix  -       -       n       -       1       scache
+postlog    unix-dgram n  -       n       -       1       postlogd

config/service/postfix/container/run-postfix

@@ -1,9 +1,5 @@
 #!/bin/sh
 
-# Log to standard error.
-(syslog-ng --no-caps --foreground) &
-(tail -F /var/log/mail.log) &
-
 # Prepare configuration files for environment variable substitution.
 ENV_NAMES="`env | awk -F '=' '{printf "$%s ", $1}'`"
 for file in /etc/postfix/*.template; do

config/service/prosody/systemd/prosody-firstboot.target

@@ -1,9 +1,9 @@
 [Unit]
 Description=Initialize Prosody XMPP server
-Wants=first-boot-complete.target mariadb-migrate@prosody.service prosody.service
+Wants=mariadb-migrate@prosody.service prosody.service
 After=mariadb-migrate@prosody.service
-Before=first-boot-complete.target prosody.service
-ConditionFirstBoot=true
+Before=prosody.service
+ConditionKernelCommandLine=ignition.firstboot
 
 [Install]
 WantedBy=multi-user.target

config/service/rspamd/systemd/rspamd-dkim-generate@.service

@@ -8,7 +8,7 @@ Type=oneshot
 ExecStartPre=/bin/podman exec rspamd install -d /var/lib/rspamd/dkim
 ExecStart=/bin/podman exec rspamd openssl genrsa -out /var/lib/rspamd/dkim/%i.dkim.key 1024
 ExecStartPost=/bin/podman exec rspamd chmod 644 /var/lib/rspamd/dkim/%i.dkim.key
-ExecStartPost=/bin/podman exec rspamd sh -c 'echo "Public DKIM key:"; openssl rsa -in /var/lib/container-service/rspamd/dkim/%i.dkim.key -pubout -outform der 2> /dev/null | openssl base64 -A'
+ExecStartPost=/bin/podman exec rspamd sh -c 'echo "Public DKIM key:"; openssl rsa -in /var/lib/rspamd/dkim/%i.dkim.key -pubout -outform der 2> /dev/null | openssl base64 -A'
 
 [Install]
 WantedBy=multi-user.target

config/service/spectrum/Containerfile

@@ -1,4 +1,4 @@
-FROM debian:stable-slim
+FROM docker.io/debian:stable-slim
 ARG VERSION=2.0.13
 
 ENV BUILD_DEPS="curl gnupg apt-transport-https build-essential git libpurple-dev libglib2.0-dev libjson-glib-dev libhttp-parser-dev graphicsmagick-imagemagick-compat"